<?php // login.php
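// NOTE(review): these credentials are hard-coded in a file under version
// control. Load them from configuration kept outside the web root and the
// repository, and rotate the password once that is done. The values are left
// unchanged here so existing deployments keep working.
$db_hostname = 'localhost';
$db_database = 'searl1_boomslanger';
$db_username = 'searl1_root';
$db_password = 'R0FLc0pt3r';

// ext/mysql (the mysql_* functions) was deprecated in PHP 5.5 and removed in
// PHP 7.0. It is kept because callers elsewhere may depend on the implicit
// default connection it sets up; migrate to mysqli or PDO with prepared
// statements as one coordinated change.
//
// Driver error text can reveal host, account and schema details, so it goes
// to the server log and the client only sees a generic message.
if (!mysql_connect($db_hostname, $db_username, $db_password)) {
    error_log("Unable to connect to MySQL: " . mysql_error());
    die("Unable to connect to MySQL.");
}
if (!mysql_select_db($db_database)) {
    error_log("Unable to select database: " . mysql_error());
    die("Unable to select database.");
}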

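/**
 * Run a SQL statement on the default ext/mysql connection.
 *
 * The statement is sent exactly as given. Nothing is escaped here, so every
 * value interpolated into $query must already be escaped for the SQL context
 * it appears in.
 *
 * @param string $query Complete SQL text.
 * @return resource|bool The value returned by mysql_query() on success.
 *                       On failure the script is terminated.
 */
function queryMysql($query)
{
    $result = mysql_query($query);
    if (!$result) {
        // Keep the driver's error text, which can expose table and column
        // names, in the server log instead of sending it to the client.
        error_log("Unable to perform query: " . mysql_error());
        die("Unable to perform query");
    }
    return $result;
}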

// Remove potentially malicious code/tags, i.e. possible HTML/SQL injection payloads.
/**
 * Pass a string through four filters, in order: strip_tags(), htmlentities(),
 * stripslashes(), mysql_real_escape_string().
 *
 * Caveats for callers:
 *  - The result is only suitable inside a quoted SQL string literal. It does
 *    not protect values used unquoted (numbers, identifiers, ORDER BY ...).
 *  - HTML encoding is applied at input time, so the stored value is
 *    HTML-encoded. Output escaping per context is still required at render.
 *  - htmlentities() runs with its default flags, so whether single quotes are
 *    encoded depends on the PHP version's defaults.
 *  - mysql_real_escape_string() uses the current ext/mysql connection.
 *
 * @param string $string Raw input value.
 * @return string Filtered and SQL-escaped value.
 */
function sanitizeString($string)
{
    // Innermost call runs first: tags -> entities -> slashes -> SQL escape.
    return mysql_real_escape_string(
        stripslashes(
            htmlentities(
                strip_tags($string)
            )
        )
    );
}

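/**
 * Check a username/password pair against the User table.
 *
 * Pass the raw username. It is escaped here before being placed in the SQL
 * literal, so a value that was already SQL-escaped by the caller is matched
 * literally, backslashes included.
 *
 * NOTE(review): the password is hashed as a single SHA-512 pass wrapped in
 * the constants lsalt/rsalt (presumably define()d elsewhere, confirm). That
 * is a fast hash with site-wide salts. Plan a migration to password_hash() /
 * password_verify(), re-hashing each account on its next successful login.
 * The scheme is left unchanged here so existing stored hashes keep
 * validating.
 *
 * @param string $username Login name supplied by the client.
 * @param string $password Plain-text password supplied by the client.
 * @return bool True when the user exists and the hash matches.
 */
function validateLogin($username, $password)
{
    // The name ends up inside a quoted SQL literal. Escape it here instead of
    // relying on every caller to have sanitized it first.
    $safeUsername = mysql_real_escape_string($username);
    $query = "SELECT * FROM User WHERE UserName = '$safeUsername'";
    $result = queryMysql($query);
    if (!mysql_num_rows($result)) {
        return false;
    }

    // The original indexed $result (the query resource) instead of the
    // fetched row, so the comparison could never succeed.
    // NOTE(review): column 1 of "SELECT *" is assumed to hold the stored
    // hash. Confirm against the table definition, or select it by name.
    $row = mysql_fetch_row($result);
    $stored = isset($row[1]) ? $row[1] : null;
    if (!is_string($stored)) {
        return false;
    }

    $token = hash('sha512', lsalt.$password.rsalt);

    // Loose == compares numeric-looking strings as numbers. Use a
    // constant-time comparison where available (PHP >= 5.6), otherwise ===.
    if (function_exists('hash_equals')) {
        return hash_equals($stored, $token);
    }

    return $token === $stored;
}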
?>